SocGen serves as security warning

SocGen serves as security warning
SocGen serves as security warning 

The Dominion Post 
18 February 2008

A visiting security expert employed by software giant CA in France hopes 
big businesses will realise they need to spend more money securing their 
computer systems in the wake of Societe Generale's 4.9-billion euro 
rogue trading scandal.

Matthew Gardiner, who was in Wellington last week, says it would be sad 
if business leaders concluded instead that they were throwing money into 
a bottomless pit.

Mr Gardiner, an American who lives 20 miles from rogue trader Jerome 
Kerviel's home in Brittany, has been following the case to see what 
lessons can be learned for clients.

The Daily Telegraph reported that SocGen employed 2000 people in its 
compliance department who should have been able to quickly spot any 
irregular trading by using an automatic computerised warning system.

Full details have yet to emerge about how Kerviel circumvented the 
bank's systems. The newspaper reported that Kerviel was a "computer 
whiz" who knew how to turn off the bank's warning systems.

The bank was not a major CA client but was not regarded as a soft 
target, Mr Gardiner says.

He says a contributing factor may have been that Kerviel had worked in 
the bank's back office and in compliance before becoming a trader.

A common flaw in company security systems is that IT staff and other 
"privileged users" are given too much access to systems to make it 
easier for them do their jobs, he says. "One per cent of the time it is 
a problem."

Mr Gardiner hopes for a "rational response" from business leaders. IT 
security experts employed by businesses know "99 per cent of the time" 
what needs to be done to better secure their businesses, but are often 
constrained by budgets.

If anything good comes out of the SocGen scandal it is that business 
managers will "go to them and have a talk", he says.

"IT needs money to invest in people, processes and technology, and the 
other side doesn't know why they need it and whether it is justified. 
Major businesses are based 100 per cent on IT. The clock is not going to 
roll back."

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods